1. Field of the Invention
This invention relates to data loss prevention systems and, more particularly, to the detection and handling of encrypted data by data loss prevention systems.
2. Description of the Related Art
Organizations often maintain and handle sensitive data using computer systems and networks. Such data may be considered sensitive from a business and/or legal standpoint. For example, some computer files may contain proprietary information that the organization does not wish to be leaked to outside parties. In other examples, various legal constraints may require that an organization track personal information on its network. An organization may be legally required to abide by various data privacy and/or breach notification laws that require the organization to notify customers or other stakeholders when their information may have been exposed.
In order to identify, monitor, and protect sensitive data, organizations may employ a Data Loss Prevention (DLP) system. Such systems may also be known as Data Leak Prevention, Information Leak Detection and Prevention, Information Leak Prevention, Content Monitoring and Filtering, Extrusion Prevention System, among other names. In order to determine if a given file or other data stream contains sensitive information, a DLP system may scan the contents of the file or stream. If the contents are deemed sensitive, often according to a set of configurable heuristics, then the DLP system may take some protective action. For example, if a DLP system detects that a given user is attempting to transmit sensitive data to a third party, such as by emailing a sensitive file to a user on an outside network, the DLP system may detect and block the transmission attempt. The particular corrective action taken by the DLP system may depend on the type of sensitive information, administrator-configurable security settings, and/or a number of other factors.
A DLP system may scan the contents of any file before the file leaves the system, such as by email. In such an example, if a user attempts to transmit a document to an outside party by attaching the document to an email, the DLP system may scan the contents of that document before allowing or disallowing the attachment to be sent. If the DLP system determines that the document contains sensitive data (e.g., the document contains a header that includes the term “Confidential”), then the DLP system may prevent the email from being sent. Various other actions may be taken. For example, the DLP system may create a record of the transmission attempt, which may indicate the particular user, file, time of attempt, and the potential email recipient. In some instances, the DLP system may even sequester the file, for example, by encrypting it and moving it to an alternate location.
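The scan-and-act flow described above, as an added example rather than code from the patent: a rule table stands in for the administrator-configurable heuristics, `evaluate()` scans one outgoing attachment, blocks it when a hard rule fires and the recipient is outside the organization's domain, and builds the audit record (user, file, time, recipient) in every case. The rule patterns, the `example.com` domain and the sample attachments are all constructed for this example.

```python
"""Rule-driven content scan of an outgoing e-mail attachment.

Added illustration of the DLP flow described in the text; it is not code
from the patent. The policy rules, domain name and sample attachments are
constructed here.
"""
import re
import time
from dataclasses import dataclass
from pathlib import Path

# Constructed, administrator-style policy. Each entry names the heuristic,
# the pattern it looks for, and the action to take on an outbound match.
RULES = [
    # A header line beginning with "Confidential" marks the document sensitive.
    ("confidential-header",
     re.compile(r"^\s*confidential\b", re.IGNORECASE | re.MULTILINE), "block"),
    # US-SSN-shaped numbers: personal information the organization must track.
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "block"),
    # Softer marker: allow the send but record that it happened.
    ("internal-marker", re.compile(r"\binternal use only\b", re.IGNORECASE), "log"),
]

INTERNAL_DOMAIN = "example.com"  # assumed organization domain


@dataclass
class Verdict:
    action: str      # "allow" or "block"
    matched: list    # names of the rules that fired
    record: dict     # audit entry: user, file, time, recipient, outcome


def scan(content: bytes) -> list:
    """Return the names of rules whose pattern occurs in the attachment.

    The bytes are decoded leniently: anything that is not valid text is
    dropped, so binary or encrypted content simply yields no matches.
    """
    text = content.decode("utf-8", errors="ignore")
    return [name for name, pattern, _ in RULES if pattern.search(text)]


def evaluate(sender: str, recipient: str, filename: str, content: bytes,
             now=None) -> Verdict:
    """Decide whether the attachment may leave and produce the audit record."""
    matched = scan(content)
    external = recipient.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN
    hard = [name for name, _, action in RULES
            if name in matched and action == "block"]
    # Block only when a hard rule fired and the data would leave the organization.
    action = "block" if (hard and external) else "allow"
    record = {
        "user": sender,
        "file": filename,
        "time": now if now is not None else time.time(),
        "recipient": recipient,
        "rules": matched,
        "action": action,
    }
    return Verdict(action, matched, record)


def quarantine(verdict: Verdict, content: bytes, quarantine_dir: str) -> str:
    """Sequester a blocked attachment by writing it under an alternate path.

    The text also mentions encrypting the sequestered copy; that step is left
    out here because the standard library offers no authenticated cipher.
    """
    stem = Path(verdict.record["file"]).name
    target = Path(quarantine_dir) / f"{int(verdict.record['time'])}-{stem}"
    target.write_bytes(content)
    return str(target)


# Constructed sample attachments.
PLAIN_REPORT = b"CONFIDENTIAL\nQ3 roadmap: ship the new billing service.\n"
CUSTOMER_LIST = b"name,ssn\nJ. Doe,123-45-6789\n"
HARMLESS = b"Lunch menu for Friday: soup and sandwiches.\n"
# Bytes standing in for an encrypted attachment: no readable markers survive.
ENCRYPTED_BLOB = bytes.fromhex("8f3a1c77e04b9d2266a1f0c35b7e9d10442be6f8a9c0d1e2")

if __name__ == "__main__":
    for name, body in [("plan.txt", PLAIN_REPORT), ("customers.csv", CUSTOMER_LIST),
                       ("menu.txt", HARMLESS), ("plan.txt.enc", ENCRYPTED_BLOB)]:
        v = evaluate("alice@example.com", "bob@outside.net", name, body, now=0)
        print(f"{name:14s} {v.action:5s} {v.matched}")
```

Running the block prints a verdict per sample. The last sample is the case section 1 is concerned with: an attachment whose contents are encrypted matches no rule, so a purely content-based scan lets it through even when the plaintext would have been blocked.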